Ðarcher: Detecting on-chain-off-chain synchronization bugs in decentralized applications

Zhang，Wuqi1; Wei，Lili2; Li，Shuqing2; Liu，Yepang2; Cheung，Shing Chi1

10.1145/3468264.3468546

2021-08-20

29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE)

ESEC/FSE 2021 - Proceedings of the 29th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering

553-565

AUG 23-28, 2021

null,null,ELECTR NETWORK

1601 Broadway, 10th Floor, NEW YORK, NY, UNITED STATES

ASSOC COMPUTING MACHINERY

Since the emergence of Ethereum, blockchain-based decentralized applications (DApps) have become increasingly popular and important. To balance the security, performance, and costs, a DApp typically consists of two layers: an on-chain layer to execute transactions and store crucial data on the blockchain and an off-chain layer to interact with users. A DApp needs to synchronize its off-chain layer with the on-chain layer proactively. Otherwise, the inconsistent data in the off-chain layer could mislead users and cause undesirable consequences, e.g., loss of transaction fees. However, transactions sent to the blockchain are not guaranteed to be executed and could even be reversed after execution due to chain reorganization. Such non-determinism in the transaction execution is unique to blockchain. DApp developers may fail to perform the on-chain-off-chain synchronization accurately due to their lack of familiarity with the complex transaction lifecycle. In this work, we investigate the challenges of synchronizing on-chain and off-chain data in Ethereum-based DApps. We present two types of bugs that could result in inconsistencies between the on-chain and off-chain layers. To help detect such on-chain-off-chain synchronization bugs, we introduce a state transition model to guide the testing of DApps and propose two effective oracles to facilitate the automatic identification of bugs. We build the first testing framework, ÐArcher, to detect on-chain-off-chain synchronization bugs in DApps. We have evaluated ÐArcher on 11 popular real-world DApps. ÐArcher achieves high precision (99.3%), recall (87.6%), and accuracy (89.4%) in bug detection and significantly outperforms the baseline methods. It has found 15 real bugs in the 11 DApps. So far, six of the 15 bugs have been confirmed by the developers, and three have been fixed. These promising results demonstrate the usefulness of ÐArcher.

Blockchain DApps Decentralized applications Software testing

通讯

英语

CPCI-S ; EI

National Natural Science Foundation of China[61932021]

Computer Science

Computer Science, Software Engineering

WOS:000744425500051

20214010982541

Application programs ; Automation ; Ethereum ; Life cycle ; Program debugging ; Software testing ; Synchronization

Computer Software, Data Handling and Applications:723 ; Computer Programming:723.1 ; Database Systems:723.3 ; Computer Applications:723.5 ; Automatic Control Principles and Applications:731 ; Systems Science:961

2-s2.0-85116290515

Scopus

1.Hong Kong University of Science and Technology,Hong Kong
2.Southern University of Science and Technology,China

Zhang，Wuqi,Wei，Lili,Li，Shuqing,et al. Ðarcher: Detecting on-chain-off-chain synchronization bugs in decentralized applications[C]. 1601 Broadway, 10th Floor, NEW YORK, NY, UNITED STATES:ASSOC COMPUTING MACHINERY,2021:553-565.